DRAFT — pending legal review for Pristi Vystupuju! (a free tram card game). Copied from the MTG B2C template (a paid AI SaaS). Pristi's alpha collects only account identity (email + game persona); it has no payments, no AI features, and no marketing email. The Stripe / AI-provider / credit / Listmonk passages must be reviewed and trimmed by the owner/legal before go-live, and the data-inventory tables reconciled to what Pristi actually stores. Legal pages are not a standup acceptance gate.
This Privacy Policy describes how [PLACEHOLDER — Company name] ("Company", "we", "us") collects, uses, and protects your personal data when you use our services. We are committed to GDPR compliance and transparency about data processing. This policy is provided in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
1. Data Controller
[PLACEHOLDER — Company name], registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File [PLACEHOLDER], is the data controller for the personal data processed through our services.
- Company name: [PLACEHOLDER]
- ICO (Company ID): [PLACEHOLDER]
- Registered office: [PLACEHOLDER], Prague, Czech Republic
- Email: privacy@[PLACEHOLDER].com
- Phone: +420 [PLACEHOLDER]
- Data Protection Officer (DPO): dpo@[PLACEHOLDER].com
2. Data We Collect
2.1 Data You Provide
We collect the following categories of personal data that you voluntarily provide to us:
| Data Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email, password hash | Account creation and authentication |
| Profile data | Display name, avatar, bio | Personalization |
| Payment data | Billing address, payment method (via Stripe) | Subscription and payment processing |
| Communication data | Email preferences, support messages | Service communication and marketing |
| Consent records | Consent type, timestamp, IP address, policy version accepted | Demonstrating lawful consent under Art. 7 GDPR |
2.2 Data Collected Automatically
When you use our services, we automatically collect the following data:
| Data Category | Examples | Purpose |
|---|---|---|
| Session data | IP address, user agent, device info | Security and session management |
| Usage data | Feature usage, credit consumption | Service improvement and billing |
| Audit logs | Login events, settings changes | Security and compliance |
| Email tracking | Open/click tracking via Postmark (transactional) and Listmonk (marketing) | Measuring email deliverability and engagement |
2.3 Data from Third Parties
If you choose to sign in using a social login provider, we receive the following personal data from that provider:
| Provider | Data Received | Purpose |
|---|---|---|
| Google | Name, email address, profile picture | Account creation and authentication |
| GitHub | Name, email address, profile picture | Account creation and authentication |
In accordance with Art. 14(2)(f) GDPR, we disclose that the source of this data is the respective social login provider's OAuth 2.0 API, accessed only when you explicitly initiate the sign-in flow and grant permission through that provider's consent screen.
3. Obligation to Provide Data
In accordance with Art. 13(2)(e) GDPR, we inform you of the following regarding the necessity of providing personal data:
- Required for contract performance: Email address and password (or social login credentials) are required to create an account and use our services. Without this data, we cannot provide the service.
- Required for paid features: Billing information (processed by Stripe) is required to subscribe to paid plans. Without this data, you may only use the free tier.
- Optional data: Display name, avatar, and bio are entirely optional. You may use the service without providing these. Not providing optional data may result in a less personalized experience but will not affect core functionality.
If you do not provide the required data (email and password), we will be unable to create your account and you will not be able to access the service.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds, mapped to each processing activity:
| Processing Activity | Legal Basis | Details |
|---|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) | Necessary to provide the service you requested |
| Subscription and payment processing | Contract performance (Art. 6(1)(b)) | Necessary to fulfill paid subscription agreements |
| Transactional emails (Postmark) | Contract performance (Art. 6(1)(b)) | Password resets, account notifications, billing receipts |
| AI-powered features (credit-based) | Contract performance (Art. 6(1)(b)) | User-initiated AI features that consume purchased credits |
| Session management and security logging | Legitimate interest (Art. 6(1)(f)) | Protecting the security of user accounts and preventing unauthorized access |
| Fraud prevention and abuse detection | Legitimate interest (Art. 6(1)(f)) | Maintaining platform integrity and preventing financial fraud |
| Service improvement and usage analytics | Legitimate interest (Art. 6(1)(f)) | Understanding service usage patterns to improve product quality |
| Email open/click tracking (transactional) | Legitimate interest (Art. 6(1)(f)) | Monitoring deliverability and effectiveness of essential service communications |
| Marketing emails (Listmonk) | Consent (Art. 6(1)(a)) | Opt-in required; withdrawable at any time via unsubscribe link or Account Settings |
| Analytics cookies | Consent (Art. 6(1)(a)) | Non-essential; blocked until explicit consent given |
| Marketing cookies | Consent (Art. 6(1)(a)) | Non-essential; blocked until explicit consent given |
| Tax and billing records retention | Legal obligation (Art. 6(1)(c)) | Czech tax law requires 6-year retention of financial records |
| Law enforcement requests | Legal obligation (Art. 6(1)(c)) | Compliance with valid legal orders from competent authorities |
For all processing activities based on legitimate interest, we have conducted documented Legitimate Interest Assessments (LIAs) that are available on request to our DPO at dpo@[PLACEHOLDER].com.
5. AI-Powered Features
Our service includes optional AI-powered features that consume credits from your account balance. This section describes how data is processed in connection with these features.
5.1 What AI Features Exist
AI-powered features include but are not limited to: [PLACEHOLDER — describe specific AI features, e.g., content generation, image analysis, automated tagging]. These features are user-initiated and consume credits according to the pricing displayed before each use.
5.2 Data Sent to AI Providers
When you use an AI-powered feature, we transmit the following data to our AI provider:
- The input you provide (e.g., text prompt, uploaded image, selected content).
- A pseudonymous session identifier (not your email, name, or account ID).
- No payment data, password hashes, or other account data is ever sent to the AI provider.
AI Provider: [PLACEHOLDER — e.g., OpenAI, Anthropic, or other provider name]. The AI provider processes data as a sub-processor under a Data Processing Agreement with us.
5.3 Storage of Inputs and Outputs
AI inputs and outputs are stored in our database linked to your account so you can review your history. This data is subject to the same retention and deletion policies as other account data (see Section 12).
5.4 No Model Training Without Consent
Your data is not used for training AI models. Our agreement with [PLACEHOLDER — AI provider name] explicitly prohibits the use of customer data for model training. If we ever introduce opt-in model training features, we will obtain your explicit consent (Art. 6(1)(a) GDPR) before any data is used for such purposes.
5.5 AI Content Labeling
In preparation for the EU AI Act (Regulation (EU) 2024/1689), and specifically Art. 50 regarding transparency obligations for certain AI systems, content generated by AI features is clearly labeled as AI-generated within the service.
5.6 Credit Consumption Model
AI features operate on a credit-based system. Credits are purchased as part of your subscription or as add-ons. Each AI operation deducts credits from your balance at a rate disclosed before the operation begins.
6. Automated Decision-Making & Profiling
In accordance with Art. 13(2)(f) and Art. 22 GDPR, we inform you about automated decision-making in our service:
6.1 General Statement
We do not engage in fully automated decision-making that produces legal effects or similarly significantly affects you, as described in Art. 22(1) GDPR, except as described below regarding inactive account cleanup.
6.2 Credit Deduction
Credit deduction for AI feature usage is triggered by your explicit action (clicking "Generate" or equivalent). This is a user-initiated transaction, not an automated decision.
6.3 Account Suspension
Account suspension is a manual decision made by an authorized administrator after review. It is not an automated process. You will be notified of any suspension with reasons and may appeal via support@[PLACEHOLDER].com.
6.4 Inactive Account Cleanup
For accounts on the `paid_only` tier whose subscription has lapsed and that have been inactive for [PLACEHOLDER — e.g., 12 months], we run an automated process that marks these accounts for deletion. This process:
- Sends a warning email 30 days before the scheduled deletion date.
- Sends a final reminder 7 days before deletion.
- Moves the account to `pending_deletion` status, allowing you to reactivate by logging in within the notice period.
- After the notice period, the account enters permanent deletion.
Because this automated process may result in the deletion of your account and associated data, we provide the following safeguards under Art. 22(3) GDPR: you may contest the decision, request human intervention by contacting support@[PLACEHOLDER].com, and express your point of view. An administrator will review your case within 5 business days.
6.5 Subscription Changes via Stripe Webhooks
When Stripe processes subscription events (e.g., renewal, cancellation, payment failure), our system automatically updates your account status based on Stripe webhook notifications. These changes reflect the state of your subscription agreement with Stripe and do not constitute autonomous automated decisions by us.
6.6 Right to Contest
For any processing described in this section, you have the right to obtain human intervention, express your point of view, and contest any decision by contacting our DPO at dpo@[PLACEHOLDER].com.
7. Third-Party Processors & Recipients
We share your data with the following third-party processors, all of whom operate under Data Processing Agreements (DPAs) compliant with Art. 28 GDPR:
| Processor | Purpose | Data Shared | Location | Transfer Mechanism |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing | Email, billing address, payment method | USA | EU-US Data Privacy Framework (DPF) |
| Postmark (ActiveCampaign) | Transactional email delivery | Email address, name | USA | SCCs + supplementary measures |
| Listmonk (self-hosted) | Marketing email management | Email address, subscription preferences | EU (self-hosted) | No transfer (EU-based infrastructure) |
| Coolify (self-hosted) | Infrastructure hosting | All data (hosted on our infrastructure) | EU (self-hosted) | No transfer (EU-based infrastructure) |
| [PLACEHOLDER — AI Provider] | AI feature processing | User inputs (prompts, content), pseudonymous session ID | [PLACEHOLDER] | [PLACEHOLDER — DPF / SCCs] |
Note on Stripe: For certain processing activities (fraud prevention, regulatory compliance), Stripe may act as an independent data controller rather than a processor. In such cases, Stripe's own Privacy Policy governs that processing. See stripe.com/privacy.
Copies of our Data Processing Agreements are available on request by contacting our DPO.
8. International Data Transfers
Our primary infrastructure is self-hosted within the European Union (Coolify, Listmonk). However, certain third-party processors are located outside the EU/EEA:
8.1 Stripe, Inc.
Stripe is a participant in the EU-US Data Privacy Framework (DPF) as certified by the US Department of Commerce. Transfers to Stripe are made on the basis of an adequacy decision pursuant to Art. 45 GDPR, referencing the EU-US DPF.
8.2 Postmark (ActiveCampaign)
Transfers to Postmark are governed by Standard Contractual Clauses (SCCs) as adopted by the European Commission (Decision 2021/914), supplemented by additional technical and organizational measures including encryption in transit and at rest. We have conducted a Transfer Impact Assessment (TIA) for this transfer.
8.3 [PLACEHOLDER — AI Provider]
[PLACEHOLDER — describe transfer mechanism for AI provider, DPF participation status, SCCs if applicable, and TIA results.]
8.4 Self-Hosted Services
Listmonk and Coolify are self-hosted on EU-based infrastructure. No international data transfer occurs for data processed by these services.
8.5 Contingency Measures
In the event that the EU-US Data Privacy Framework is invalidated by a court of competent jurisdiction, we will promptly transition affected transfers to Standard Contractual Clauses with supplementary measures, or explore alternative transfer mechanisms approved by the European Commission.
9. Cookies and Tracking Technologies
We use the following categories of cookies:
- Strictly necessary: Authentication session cookies and CSRF protection. Cannot be disabled. These cookies do not require consent.
- Analytics: Anonymous usage statistics to improve our services. Requires your explicit consent.
- Marketing: Campaign tracking for marketing communications. Requires your explicit consent.
For a complete inventory of cookies including names, providers, purposes, and durations, please refer to our Cookie Policy.
9.1 Consent Mechanism
Non-essential cookies are technically blocked until you provide active consent. Our cookie banner provides "Accept All" and "Reject All" buttons with equal prominence per CNIL and EDPB guidance. You can change your preferences at any time through the cookie banner or Account Settings.
9.2 Email Tracking
Our email service providers (Postmark for transactional, Listmonk for marketing) may use tracking pixels to measure email open rates and link clicks. You can disable email tracking by using a mail client that blocks remote images, or by unsubscribing from marketing emails via Account Settings.
10. Children's Privacy
Our service is not directed at children. In accordance with Czech Act No. 110/2019 Sb. on the processing of personal data (implementing GDPR Art. 8(1) derogation), the minimum age for consent to information society services in the Czech Republic is 15 years old.
We do not knowingly collect personal data from individuals under the age of 15. If we become aware that we have inadvertently collected personal data from a person under 15 without valid parental or guardian consent, we will:
- Immediately suspend the account to prevent further data processing.
- Delete the personal data within 72 hours of discovery.
- Notify the parent or guardian if their contact information is available.
If you are a parent or guardian and believe your child under 15 has created an account, please contact our DPO at dpo@[PLACEHOLDER].com or call +420 [PLACEHOLDER].
11. Your Rights (GDPR Articles 15–22)
As an EU/EEA resident, you have the following rights:
- Right of access (Art. 15) — Request a copy of your personal data.
- Right to rectification (Art. 16) — Correct inaccurate data via Account Settings.
- Right to erasure (Art. 17) — Request account deletion with a 30-day grace period.
- Right to data portability (Art. 20) — Export your data in a machine-readable format via Account Settings.
- Right to restrict processing (Art. 18) — Request limitation of processing in certain circumstances.
- Right to object (Art. 21) — Object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time (e.g., marketing emails) without affecting prior processing.
- Right not to be subject to automated decisions (Art. 22) — You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
- Right to lodge a complaint (Art. 77) — You may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
11.1 How to Exercise Your Rights
To exercise any of these rights, visit Account Settings or contact us at privacy@[PLACEHOLDER].com.
11.2 Response Timeline
We will respond to your request without undue delay and in any event within one month of receipt. If your request is particularly complex or we receive a large number of requests, we may extend this period by up to two further months in accordance with Art. 12(3) GDPR. In such cases, we will inform you of the extension and the reasons for the delay within the initial one-month period.
Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive (particularly if repetitive), we may charge a reasonable fee or refuse to act, in accordance with Art. 12(5) GDPR.
12. Data Retention
- Active accounts: Data retained for the duration of account activity.
- Deleted accounts: 30-day grace period (soft delete via `pending_deletion` status), then permanent deletion. During the grace period, you may reactivate your account by logging in. After permanent deletion, account data is irreversibly removed from our production systems.
- Anonymized audit logs: Retained indefinitely after account deletion for security and compliance purposes. All personally identifiable information is removed; only anonymized event records remain.
- Billing records and credit transactions: Retained for 6 years after the transaction date, in compliance with Czech tax law (Act No. 563/1991 Sb., on accounting). Records are anonymized after account deletion but retained for the full statutory period.
- Consent logs: Consent records survive account deletion in anonymized form (user ID replaced with a hash, IP address truncated). Consent logs are retained for 3 years after the consent is withdrawn or the account is deleted, whichever is later, in accordance with the accountability principle (Art. 5(2) GDPR).
- Session data: Automatically purged 90 days after last activity.
- Email send logs: Retained for 1 year, then deleted.
- AI inputs and outputs: Retained for the lifetime of the account. Deleted when the account is permanently deleted.
12.1 Pending Deletion Lifecycle
When you request account deletion (via Account Settings or by contacting us), the following lifecycle applies:
- Account status is set to `pending_deletion`. A confirmation email is sent.
- During the 30-day grace period, your account is deactivated (no public profile, no active sessions) but all data is preserved.
- You may cancel deletion at any time during the grace period by logging in, which restores your account to active status.
- After 30 days, permanent deletion is executed: personal data is removed, billing records are anonymized (but retained per statutory requirements), consent logs are anonymized, and audit logs are anonymized.
13. Data Security & Data Protection Impact Assessments
We implement appropriate technical and organizational measures:
- Passwords hashed with bcrypt (cost factor 12).
- All data encrypted in transit (TLS 1.3) and at rest.
- Two-factor authentication (TOTP) available for all accounts.
- Session management with device tracking and revocation.
- Regular security audits and penetration testing.
- Access controls and audit logging for all administrative actions.
- Database backups encrypted and stored in geographically separate EU-based locations.
13.1 Data Protection Impact Assessments (DPIAs)
In accordance with Art. 35 GDPR, we have conducted Data Protection Impact Assessments for the following processing activities that are likely to result in a high risk to individuals:
- AI-powered features: Assessment of data sent to third-party AI providers, including risks related to data in transit, provider data handling practices, and potential re-identification.
- Large-scale user data processing: Assessment of our core platform processing activities, including account management, session tracking, and usage analytics at scale.
- Automated account cleanup: Assessment of the inactive account cleanup process for `paid_only` accounts (see Section 6.4).
DPIA summaries are available on request to our DPO.
13.2 Incident Response
We maintain a documented incident response plan that covers identification, containment, eradication, recovery, and post-incident review.
13.3 Data Minimization
In accordance with Art. 5(1)(c) GDPR, we collect only personal data that is adequate, relevant, and limited to what is necessary for the stated purposes. Optional profile fields (avatar, bio, display name) are never required for core service functionality.
14. Data Breach Notification
In accordance with Art. 33 and Art. 34 GDPR, we have established the following data breach notification procedures:
14.1 Notification to Supervisory Authority
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the Office for Personal Data Protection (ÚOOÚ) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Art. 33(1) GDPR.
14.2 Notification to Affected Users
Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will notify affected users without undue delay, in accordance with Art. 34(1) GDPR.
14.3 Notification Content
Breach notifications to both the supervisory authority and affected users will include:
- The nature of the personal data breach, including the categories and approximate number of data subjects and records concerned.
- The likely consequences of the breach.
- The measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects.
- The name and contact details of our Data Protection Officer (dpo@[PLACEHOLDER].com, +420 [PLACEHOLDER]).
15. Consent Records
To demonstrate compliance with Art. 7(1) GDPR, we maintain consent logs recording each consent event with: consent type, timestamp, IP address, user agent, and policy version accepted. Consent types tracked include: Terms of Service acceptance, Privacy Policy acknowledgment, marketing communications opt-in, analytics cookies, and marketing cookies. Consent records survive account deletion in anonymized form (user ID hashed, IP address truncated) and are retained for 3 years after consent withdrawal or account deletion, whichever is later.
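The anonymization described above (user ID hashed, IP address truncated) and the `pending_deletion` grace period from Section 12.1 are shown below as an added example. This is illustrative code, not the service's own implementation; it assumes a keyed HMAC-SHA256 with a server-side pepper (so sequential integer IDs cannot be brute-forced from the hash), that "truncated" means zeroing the host bits (/24 for IPv4, /48 for IPv6), a 30-day grace period, and that the user-agent string is dropped because it is not needed to prove consent. The `PEPPER` value and the sample record are placeholders.

```python
"""Consent-record anonymization and deletion grace-period check.

Added example, not the project's code. Assumptions not stated in the policy:
- user IDs are hashed with HMAC-SHA256 under a server-side pepper;
- "IP address truncated" = zero the host part (/24 IPv4, /48 IPv6);
- the grace period is 30 days; PEPPER below is a placeholder.
"""
from __future__ import annotations

import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

# Placeholder pepper; load from a secrets manager in production, never the DB.
PEPPER = b"replace-with-a-32-byte-random-secret"
GRACE_PERIOD = timedelta(days=30)


@dataclass(frozen=True)
class ConsentRecord:
    user_id: str          # account primary key, or the hashed surrogate
    consent_type: str     # e.g. "marketing_email", "analytics_cookies"
    granted_at: datetime
    ip_address: str
    user_agent: str
    policy_version: str
    anonymized: bool = False


def hash_user_id(user_id: str) -> str:
    """Keyed hash: same user -> same token, not reversible without PEPPER."""
    return hmac.new(PEPPER, user_id.encode(), hashlib.sha256).hexdigest()


def truncate_ip(ip: str) -> str:
    """Zero the host bits so the record no longer points at one device."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def anonymize(record: ConsentRecord) -> ConsentRecord:
    """Keep what Art. 5(2) accountability needs; drop what identifies a person."""
    if record.anonymized:
        return record  # idempotent: a second pass must not re-hash the hash
    return replace(
        record,
        user_id=hash_user_id(record.user_id),
        ip_address=truncate_ip(record.ip_address),
        user_agent="",  # UA strings fingerprint devices; not needed for proof of consent
        anonymized=True,
    )


def deletion_action(deletion_requested_at: datetime, now: datetime,
                    logged_in_since_request: bool) -> str:
    """Next step for an account in pending_deletion: reactivate, wait or purge."""
    if logged_in_since_request:
        return "reactivate"  # a login inside the grace period cancels deletion
    if now < deletion_requested_at + GRACE_PERIOD:
        return "wait"
    return "purge"  # day 30+: delete personal data, anonymize what must be kept


if __name__ == "__main__":
    # Constructed sample record, not real data.
    rec = ConsentRecord("1042", "marketing_email",
                        datetime(2025, 1, 5, tzinfo=timezone.utc),
                        "203.0.113.57", "Mozilla/5.0 (example)", "2025-01")
    print(anonymize(rec))
    requested = datetime(2025, 2, 1, tzinfo=timezone.utc)
    print(deletion_action(requested, requested + timedelta(days=10), False))
    print(deletion_action(requested, requested + timedelta(days=31), False))
```

Two points worth noting in review: the hash is keyed, because an unkeyed SHA-256 over a small integer ID space is trivially reversible by enumeration, which would defeat the anonymization claim; and `anonymize` checks the `anonymized` flag so that re-running the purge job does not hash the already-hashed surrogate and break the link between a withdrawal record and the consent it withdrew.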
16. Admin Access and Impersonation
Authorized administrators may access user accounts for customer support and technical troubleshooting. Impersonation sessions are limited to 1 hour, restricted from sensitive actions (password changes, account deletion, billing modifications, 2FA changes), and fully logged in the audit trail including administrator identity, timestamp, duration, and all actions performed. You can view admin access events in your Account Settings audit log.
17. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our processing activities, legal requirements, or best practices.
- Version history: A version history of this policy is maintained. Previous versions are available on request by contacting our DPO.
- Material changes: For material changes that affect the way we process your personal data, we will provide at least 30 days' advance notice via email and a prominent notice on our website.
- Renewed consent: Where material changes affect processing based on your consent (e.g., new categories of marketing communications), we will request renewed consent before applying the changes to your data.
- Continued use: For non-material changes (e.g., formatting, clarifications), your continued use of the service after the updated policy takes effect constitutes your acknowledgment of the changes.
18. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. For the Czech Republic, this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ):
- Website: www.uoou.cz
- Address: Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
- Email: posta@uoou.cz
You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence or place of work.
19. Contact
For privacy-related inquiries, contact our Data Protection Officer:
- Email: dpo@[PLACEHOLDER].com
- Phone: +420 [PLACEHOLDER]
- Address: [PLACEHOLDER], Prague, Czech Republic